Microsoft now offers the ability to link an Azure Active Directory (AAD) work account and a personal Microsoft account (MSA). Account linking is enabled by default for an organization’s employees, but employees must still opt in. The choice to link accounts is in an employee’s hands, and they need to take action to connect their AAD and MSA accounts.
As an administrator, you can turn off the account linking default using a PowerShell script.
Note: Changes to the account linking setting can take up to 24 hours to take effect.
With account linking, AAD users with a linked MSA account can now earn Microsoft Rewards points for Microsoft Bing searches done in their browser or Windows search box while signed in with their AAD account.
For enterprises with account linking enabled, employees with an AAD and MSA account have the choice to opt into account linking through entry points such as Microsoft Edge and Microsoft Bing.
When account linking is enabled, employees won’t need to switch between their MSA and AAD accounts to earn Microsoft Rewards. Employees with a linked personal Microsoft account will earn rewards for Bing searches that they’re already doing while signed in to their AAD account, and these points can be redeemed for rewards, including donations to nonprofits.
Data from an employee’s personal Microsoft account, such as personalization preferences and Rewards history, are stored separately from their work or school account. Linking personal and work accounts does not in itself allow an employer to see an employee’s preferences or activity. If an employee is using a device provided by an employer, school, or similar organization, traffic from both accounts may be monitored—but this is determined by the organization and is not a result of linking accounts. Microsoft’s principles for data security and privacy in the enterprise still hold, which ensures that confidential information including search history will not be collected on AAD accounts even after accounts are linked. Microsoft will not collect any new data for targeted advertising as a result of this change.
If an organization uses Microsoft Search in Bing, the administrator has access to aggregated search information, but linking accounts will not in itself grant access to an employee’s personal search history. For more information about search history and Microsoft Search in Bing, see 'Security and Privacy for Microsoft Search in Bing'.
You can disable account linking for your tenant using the following steps:
- Download this PowerShell script
- Open an instance of PowerShell in admin mode
- Run the following command first: “Set-ExecutionPolicy unrestricted”
- Run the PowerShell script
- Follow the instructions the script prompts
- The cmdlet will prompt you to sign in with your AAD account
- Once signed in, it will disable account linking for your tenant
- If you have any issues, re-run the script. If the issue persists, contact support
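The steps above relax the execution policy with “Set-ExecutionPolicy unrestricted”, which by default persists for the whole machine after the script has finished. The following is an added example, not Microsoft's script and not part of the original page: it runs the same procedure with the policy change limited to the current PowerShell process and inspects the downloaded file first. The script path is a placeholder, since the page does not name the file.

```powershell
# Added example. $ScriptPath is a placeholder (assumption): replace it with
# the location where the downloaded script was saved.
$ScriptPath = Join-Path $env:USERPROFILE 'Downloads\<downloaded-script>.ps1'

# 1. Record the execution policy at every scope before changing anything.
$before = Get-ExecutionPolicy -List
$before | Format-Table -AutoSize

# 2. Inspect the download: SHA-256 for the change record, Authenticode status,
#    and whether the file still carries the mark-of-the-web stream.
$hash = Get-FileHash -Path $ScriptPath -Algorithm SHA256
$sig  = Get-AuthenticodeSignature -FilePath $ScriptPath
$motw = Get-Item -Path $ScriptPath -Stream Zone.Identifier -ErrorAction SilentlyContinue
[pscustomobject]@{
    SHA256       = $hash.Hash
    SigStatus    = $sig.Status
    Signer       = $sig.SignerCertificate.Subject
    FromInternet = [bool]$motw
} | Format-List

if ($sig.Status -ne 'Valid') {
    Write-Warning "Signature status is '$($sig.Status)'. Review the script before running it."
}

# 3. Relax the policy for this PowerShell process only. Nothing is persisted,
#    and the setting is gone when this window is closed.
#    (If Group Policy sets MachinePolicy or UserPolicy, that value still wins.)
Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope Process -Force

# 4. Run the script and follow its prompts (AAD sign-in, as in the steps above).
& $ScriptPath

# 5. Confirm that no persistent scope was changed along the way.
$persistBefore = $before | Where-Object Scope -ne 'Process'
$persistAfter  = Get-ExecutionPolicy -List | Where-Object Scope -ne 'Process'
$diff = Compare-Object $persistBefore $persistAfter -Property Scope, ExecutionPolicy
if ($diff) { Write-Warning 'A persistent execution policy scope changed:'; $diff }
else { 'Persistent execution policy scopes unchanged.' }
```

If the policy was already set machine-wide as written in the steps, `Get-ExecutionPolicy -List` shows it under LocalMachine, and it can be returned to the organization's baseline value with `Set-ExecutionPolicy -Scope LocalMachine`.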
Employees can enable or disable account linking from Profile preferences in Microsoft Edge Settings, the Microsoft Start Management Experience, and Bing Identity Control.